Update to upstream
* Use correct color range in mcstrand by Richard Haines.
This commit is contained in:
Dan Walsh
parent
5898ea81d9
commit
9f65a26864
1
.gitignore
vendored
1
.gitignore
vendored
@ -223,3 +223,4 @@ sepolgen-1.0.23.tgz
|
|||||||
policycoreutils-2.0.83.tgz
|
policycoreutils-2.0.83.tgz
|
||||||
/policycoreutils-2.0.84.tgz
|
/policycoreutils-2.0.84.tgz
|
||||||
/policycoreutils-2.0.85.tgz
|
/policycoreutils-2.0.85.tgz
|
||||||
|
/policycoreutils-2.0.86.tgz
|
||||||
|
|||||||
@ -3194,10 +3194,10 @@ index 3f9efba..7c6d75a 100644
|
|||||||
+/etc/selinux/{SELINUXTYPE}/seusers
|
+/etc/selinux/{SELINUXTYPE}/seusers
|
||||||
|
|
||||||
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
||||||
index ae519fc..0890811 100755
|
index ae519fc..7d21ea3 100755
|
||||||
--- a/policycoreutils/scripts/fixfiles
|
--- a/policycoreutils/scripts/fixfiles
|
||||||
+++ b/policycoreutils/scripts/fixfiles
|
+++ b/policycoreutils/scripts/fixfiles
|
||||||
@@ -21,6 +21,25 @@
|
@@ -21,6 +21,44 @@
|
||||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -3210,12 +3210,31 @@ index ae519fc..0890811 100755
|
|||||||
+ grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
|
+ grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
|
||||||
+done
|
+done
|
||||||
+}
|
+}
|
||||||
+
|
+exclude_dirs_from_relabelling() {
|
||||||
|
+ exclude_from_relabelling=
|
||||||
|
+ if [ -e /etc/selinux/fixfiles_exclude_dirs ]
|
||||||
|
+ then
|
||||||
|
+ while read i
|
||||||
|
+ do
|
||||||
|
+ # skip blank line and comment
|
||||||
|
+ # skip not absolute path
|
||||||
|
+ # skip not directory
|
||||||
|
+ [ -z "${i}" ] && continue
|
||||||
|
+ [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
|
||||||
|
+ [[ ! "${i}" =~ ^/.* ]] && continue
|
||||||
|
+ [[ ! -d "${i}" ]] && continue
|
||||||
|
+ exclude_from_relabelling="$exclude_from_relabelling -e $i"
|
||||||
|
+ logit "skipping the directory $i from relabelling"
|
||||||
|
+ done < /etc/selinux/fixfiles_exclude_dirs
|
||||||
|
+ fi
|
||||||
|
+ echo "$exclude_from_relabelling"
|
||||||
|
+}
|
||||||
+exclude_dirs() {
|
+exclude_dirs() {
|
||||||
+ exclude=
|
+ exclude=
|
||||||
+ for i in /var/lib/BackupPC /home /tmp /dev; do
|
+ for i in /var/lib/BackupPC /home /tmp /dev; do
|
||||||
+ [ -e $i ] && exclude="$exclude -e $i";
|
+ [ -e $i ] && exclude="$exclude -e $i";
|
||||||
+ done
|
+ done
|
||||||
|
+ exclude="$exclude `exclude_dirs_from_relabelling`"
|
||||||
+ echo "$exclude"
|
+ echo "$exclude"
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
@ -3223,7 +3242,7 @@ index ae519fc..0890811 100755
|
|||||||
# Set global Variables
|
# Set global Variables
|
||||||
#
|
#
|
||||||
fullFlag=0
|
fullFlag=0
|
||||||
@@ -35,9 +54,7 @@ SYSLOGFLAG="-l"
|
@@ -35,9 +73,7 @@ SYSLOGFLAG="-l"
|
||||||
LOGGER=/usr/sbin/logger
|
LOGGER=/usr/sbin/logger
|
||||||
SETFILES=/sbin/setfiles
|
SETFILES=/sbin/setfiles
|
||||||
RESTORECON=/sbin/restorecon
|
RESTORECON=/sbin/restorecon
|
||||||
@ -3234,7 +3253,7 @@ index ae519fc..0890811 100755
|
|||||||
SELINUXTYPE="targeted"
|
SELINUXTYPE="targeted"
|
||||||
if [ -e /etc/selinux/config ]; then
|
if [ -e /etc/selinux/config ]; then
|
||||||
. /etc/selinux/config
|
. /etc/selinux/config
|
||||||
@@ -87,23 +104,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
@@ -87,23 +123,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
|
||||||
esac; \
|
esac; \
|
||||||
fi; \
|
fi; \
|
||||||
done | \
|
done | \
|
||||||
@ -3259,7 +3278,7 @@ index ae519fc..0890811 100755
|
|||||||
|
|
||||||
rpmlist() {
|
rpmlist() {
|
||||||
rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
|
rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
|
||||||
@@ -121,23 +125,16 @@ if [ ! -z "$PREFC" ]; then
|
@@ -121,24 +144,34 @@ if [ ! -z "$PREFC" ]; then
|
||||||
fi
|
fi
|
||||||
if [ ! -z "$RPMFILES" ]; then
|
if [ ! -z "$RPMFILES" ]; then
|
||||||
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
|
||||||
@ -3282,11 +3301,30 @@ index ae519fc..0890811 100755
|
|||||||
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
|
||||||
-LogReadOnly
|
-LogReadOnly
|
||||||
-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
|
-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
|
||||||
|
-rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
|
||||||
|
+#
|
||||||
|
+exclude_dirs="`exclude_dirs_from_relabelling`"
|
||||||
|
+if [ -n "${exclude_dirs}" ]
|
||||||
|
+then
|
||||||
|
+ TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
|
||||||
|
+ test -z "$TEMPFCFILE" && exit
|
||||||
|
+ /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
|
||||||
|
+ exclude_dirs=${exclude_dirs//-e/}
|
||||||
|
+ for p in ${exclude_dirs}
|
||||||
|
+ do
|
||||||
|
+ p="${p%/}"
|
||||||
|
+ p1="${p}(/.*)? -- <<none>>"
|
||||||
|
+ echo "${p1}" >> $TEMPFCFILE
|
||||||
|
+ logit "skipping the directory ${p} from relabelling"
|
||||||
|
+ done
|
||||||
|
+FC=$TEMPFCFILE
|
||||||
|
+fi
|
||||||
+${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE
|
+${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE
|
||||||
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
|
+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
|
||||||
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
|
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
|
||||||
find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
|
find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
|
||||||
@@ -146,8 +143,7 @@ exit $?
|
exit $?
|
||||||
|
@@ -146,8 +179,7 @@ exit $?
|
||||||
|
|
||||||
fullrelabel() {
|
fullrelabel() {
|
||||||
logit "Cleaning out /tmp"
|
logit "Cleaning out /tmp"
|
||||||
@ -3296,6 +3334,19 @@ index ae519fc..0890811 100755
|
|||||||
restore
|
restore
|
||||||
}
|
}
|
||||||
|
|
||||||
|
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
||||||
|
index dfe8aa9..0b4cbaa 100644
|
||||||
|
--- a/policycoreutils/scripts/fixfiles.8
|
||||||
|
+++ b/policycoreutils/scripts/fixfiles.8
|
||||||
|
@@ -29,6 +29,8 @@ new policy, or just check whether the file contexts are all
|
||||||
|
as you expect. By default it will relabel all mounted ext2, ext3, xfs and
|
||||||
|
jfs file systems as long as they do not have a security context mount
|
||||||
|
option. You can use the -R flag to use rpmpackages as an alternative.
|
||||||
|
+The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
|
||||||
|
+excluded from relabelling.
|
||||||
|
.P
|
||||||
|
.B fixfiles onboot
|
||||||
|
will setup the machine to relabel on the next reboot.
|
||||||
diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
|
diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..6331660
|
index 0000000..6331660
|
||||||
|
|||||||
@ -1,13 +1,13 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 1.4.2-1
|
||||||
%define libsepolver 2.0.42-3
|
%define libsepolver 2.0.43-2
|
||||||
%define libsemanagever 2.0.43-4
|
%define libsemanagever 2.0.43-4
|
||||||
%define libselinuxver 2.0.90-3
|
%define libselinuxver 2.0.90-3
|
||||||
%define sepolgenver 1.0.23
|
%define sepolgenver 1.0.23
|
||||||
|
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.85
|
Version: 2.0.86
|
||||||
Release: 28%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -163,7 +163,7 @@ Requires(post): /sbin/chkconfig
|
|||||||
BuildRequires: libcap-ng-devel
|
BuildRequires: libcap-ng-devel
|
||||||
|
|
||||||
%description sandbox
|
%description sandbox
|
||||||
The policycoreutils-python package contains the scripts to create graphical sandboxes
|
The policycoreutils-sandbox package contains the scripts to create graphical sandboxes
|
||||||
|
|
||||||
%files sandbox
|
%files sandbox
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
@ -331,6 +331,16 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.86-1
|
||||||
|
- Update to upstream
|
||||||
|
* Use correct color range in mcstrand by Richard Haines.
|
||||||
|
|
||||||
|
* Mon Apr 11 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-30
|
||||||
|
- Add Elia Pinto patches to allow user to specify directories to ignore
|
||||||
|
|
||||||
|
* Tue Apr 5 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-29
|
||||||
|
- Fix policycoreutils-sandbox description
|
||||||
|
|
||||||
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
|
* Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-28
|
||||||
- rsynccmd should run outside of execcon
|
- rsynccmd should run outside of execcon
|
||||||
|
|
||||||
|
|||||||
2
sources
2
sources
@ -1,3 +1,3 @@
|
|||||||
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
|
||||||
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
|
||||||
92fa615448d443b22c4ad6ecf89fc974 policycoreutils-2.0.85.tgz
|
13d864a8a6f8a933ef7aee7baf4a9662 policycoreutils-2.0.86.tgz
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user